How to configure request authentication rule for JWT token signed with HS256

If I have a JWT token signed by HS256 algorithm (symmetric compared with RS256), how should I configure the JWTRule in RequestAuthentication to verify it?

If I know it is signed by using some secret <some private secret>, where should I put it in the yaml?
Should I inline it in jwks field? If so, how should I generate such an inline jwks?

Seems jwks is the place to get started.